Insecure HTTP Methods

Description

Insecure HTTP methods other than GET and POST are enabled on the web server. The Hypertext Transfer Protocol (HTTP) which is outlined in RFC 2616 makes available eight methods for web servers. These methods allow additional functionality that an attacker can use to conduct further attacks against the environment and its users.

Custom Description

Impact

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References

Subscribe here in order to gain access to the AppSec Findings Database